2 matches found
CVE-2013-7287
The CVE-2013-7287 entry concerns MobileIron VSP < 5.9.1 and Sentry
CVE-2014-1409
MobileIron VSP before 5.9.1 and Sentry before 5.0 are affected by an authentication bypass via an XML file containing obfuscated passwords. The root cause is improper filtering of the j_username parameter in /mics/j_spring_security_check, enabling blind XPath injection to read XML config data. Ex...